On 8/12/2011 5:24 p.m., Eugene M. Zheganin wrote:
Hi.
On 07.12.2011 17:44, Amos Jeffries wrote:
Minor bug, the bracketed () message is wrong about the state. It is
actually still waiting for the lookup to complete.
What you should find is that some unknown time later (helper response
delay, maybe up to 50-100 milliseconds?) you get another mention of
testing checklist 0x802797a18. That will have a second allow/skip
action response to this test followed by any continuing steps the ACL
lookups may have done.
Okay. You were of course right, I did found that ACL finally matched.
So may be this post isn't at all about the subject. I remember thet in
2.6 there was an explicit message about the reason of allowing or
disallowing a request, it sounded like 'The request of Foo/Bar was
<allowed|denied> because it matched the <ACL name>'. It looks like in
3.x there's no such explicit message, is it ? May be there's a similar
message, so can you please point to it, so I can debug further ?
This is displayed at: debug_options 85,2
NP: the "allowed/denied" has changed to a number in the more recent 3.x
versions to debug the
allow/deny/dunno/auth-required/auth-failed/auth-missing/auth-expired-but-okay
states and other extensions to the ACL system.
Amos